<?php
include_once "function_obj_analyse.php";
include_once "function_base_xml_class.php";

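/**
 * Antivirus policy rules stored in the XML configuration, and their
 * translation into iptables commands.
 *
 * Each rule is read through get_list() (not defined in this class; presumably
 * provided by base_xml_class) and is expected to carry the fields named in
 * $key_array.
 */
class CSecAntiVirus extends base_xml_class
{
	/**
	 * Set the XML location, node name and field names for antivirus rules.
	 */
	function __construct()
	{
		$this->root_path = "/MINI/SECURITY/POLICY/ANTIVIRUSS";
		$this->node_name = "ANTIVIRUS";
		$this->key_array = array("Name", "InDev", "OutDev", "SrcAddr", "DstAddr", "Log",
		                         "Srv", "Time", "Target", "Enabled", "Type");
	}

	/**
	 * Flush and rebuild the nat/ANTIVIRUS chain and the PROXYSERVER chain
	 * from the enabled antivirus rules.
	 *
	 * Rules whose Target is ANTI_VIRUS are redirected to a local proxy port
	 * chosen by service, and a matching ACCEPT for that port is appended to
	 * PROXYSERVER. Any other Target is used as the iptables jump target.
	 *
	 * shell_exec() only returns command output, so a failing iptables call is
	 * not detected here. Both chains are flushed before rules are appended,
	 * so a failed or skipped rule means that traffic is not redirected.
	 *
	 * @return string|false|null Result of shell_exec() for the PROXYSERVER
	 *                           commands, or null when there were none to run.
	 */
	function Apply()
	{
		$iptables = "/usr/local/bin/iptables  ";

		// Base64-encoded service name => local proxy port for ANTI_VIRUS rules.
		$proxy_ports = array(
			"UE9QMw==" => 8110, // POP3
			"U01UUA==" => 8110, // SMTP
			"SFRUUA==" => 8080, // HTTP
			"RlRQ"     => 2121, // FTP
		);

		$command  = $iptables. " -t nat -F ANTIVIRUS; ";
		$command .= $iptables. " -F PROXYSERVER; ";
		$ext_command = "";

		$ret_list = $this->get_list();
		foreach ($ret_list as $ret)
		{
			if ($ret['Enabled'] == 0) {
				continue;
			}

			$log_enabled = ($ret['Log'] == 1);
			$log = $log_enabled ? ' -j LOG --log-prefix "ANTIVIRUS_LOG" ' : '';

			// ------ Table ------
			$table = " -t nat -A ANTIVIRUS ";

			// ------ Active ------
			$target = $ret['Target'];
			if ($target == "ANTI_VIRUS")
			{
				if (!isset($proxy_ports[$ret['Srv']])) {
					// No proxy port is defined for this service. Previously
					// $operate kept the value from an earlier rule (or was
					// undefined), so the rule was emitted with the wrong
					// action; skip it instead.
					continue;
				}
				$port = $proxy_ports[$ret['Srv']];
				$operate = " -j REDIRECT --to-port ". $port. " ";
				$ext_command .= $iptables. " -A PROXYSERVER -p tcp --dport ". $port. " -j ACCEPT;";
			}
			else
			{
				// The target comes from stored policy data; quote it so it
				// reaches iptables as one argument and is never parsed as
				// shell syntax.
				// NOTE(review): assumes Target is a single target/chain name
				// with no extra options - confirm against the policy editor.
				$operate = " -j ". escapeshellarg((string) $target);
			}

			// ------ In dev ------
			$in_name = $ret['InDev'];
			$indev = ($in_name == '' || $in_name == 'All')
				? " "
				: " -i ". escapeshellarg((string) $in_name). " ";

			// ------ Out dev ------
			$out_name = $ret['OutDev'];
			$outdev = ($out_name == '' || $out_name == 'All')
				? " "
				: " -o ". escapeshellarg((string) $out_name). " ";

			// The helpers below are defined outside this class and return
			// ready-made iptables argument fragments that are concatenated
			// into the shell command unchanged.
			// NOTE(review): confirm they validate or escape the stored values.

			// ------ Service ------
			$srv_list = GetServiceList($ret['Srv']);

			// ------ Source address ------
			$src_list = GetSourceIpList($ret['SrcAddr']);

			// ------ Destination address ------
			$dst_list = GetDestIpList($ret['DstAddr']);

			// ------ Time ------
			$time = GetTimeString($ret['Time']);

			// One iptables rule per service/source/destination combination,
			// preceded by a LOG rule with the same match when logging is on.
			foreach ($srv_list as $srv) {
				foreach ($src_list as $src) {
					foreach ($dst_list as $dst) {
						$match = $iptables. $table. $time. $indev. $src. $srv. $outdev. $dst;
						if ($log_enabled) {
							$command .= $match. $log. ";";
						}
						$command .= $match. $operate. ";";
					}
				}
			}
		}

		shell_exec($command);

		// With no ANTI_VIRUS rule there is nothing to add to PROXYSERVER;
		// shell_exec() rejects an empty command on PHP 8.
		if ($ext_command === "") {
			return null;
		}
		return shell_exec($ext_command);
	}
}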

?>
